Nearly half of manufacturers have been victims of cyber-crime, according to new EEF/AIG report

According to a new report from the manufacturers’ organisation, EEF, and AIG — performed by The Royal United Services Institute (RUSI) — has revealed that nearly half of manufacturers have been the victim of cyber-crime with a quarter suffering some financial loss or disruption to business as a result.

Cyber-threat

The manufacturing sector is the third most targeted for attack, with only government systems and finance more vulnerable. Yet manufacturing — which has 2.6 million employees, provides 10% of UK output and 70% of business research and development — is amongst the least protected sector against cyber-crime in Britain.

‘Cyber-Security for Manufacturing’ report has pinpointed the susceptibility of manufacturers to cyber risk, revealing that 41%of companies do not believe they have access to enough information to even assess their true cyber risk. Additionally, 45% do not feel that they do not have access to the right tools for the job.

Of those surveyed, a third revealed that they were nervous about digital improvement as a result of cyber threat. Furthermore, 12% of manufacturers surveyed admitting to not having any technical or managerial processes in place to even to start assessing the real risk.

Poorly protected office systems can offer an easy route for a cyber-attack. In the report, a number of real-life examples, including two where companies production systems were infiltrated and severely disrupted after hackers accessed the IT systems by going through unprotected office software, were demonstrated.

“More and more companies are at risk of attack and manufacturers urgently need to take steps to protect themselves against this burgeoning threat,” said Stephen Phipson, CEO of EEF. “EEF has a vital role supporting manufacturers in the face of this challenge and we are working closely with RUSI, whose world-leading Cyber Security Research Programme is well established as a key voice to understand the fight against the threat of ever evolving cyber-crime to the modern business.

“We know businesses cannot afford to ignore this issue any longer and while we welcome government’s progress in improving cyber-security resilience, to date through the work of the NCA and NCSC, there needs to be an increasing focus given to the specific needs of manufacturing, which hitherto has been lacking.

“Failing to get this right could cost the UK economy billions of pounds, put thousands of jobs at risk and delay the supply of essential equipment to key public services and major national infrastructure projects. I hope this report underlines the critical risk to government and industry.”

“For many manufacturers, cyber risk is still not considered a principal risk on the risk register. Nevertheless, the cyber threat landscape has evolved over the last year, with attacks becoming more sophisticated and more broadly disruptive. There is an increasing level of state-sponsored attacks between nation states, where companies infected by malware may just be collateral damage. The potential threat from cyber-crime is widespread,” added Romaney O’Malley, head of UK Regions & head of Industrials at AIG Europe. “There is evidentially significant need for greater awareness and understanding of the importance of cyber risk management, not only to protect existing businesses, but to create more secure environments to grow and capitalise on the potential that digital technology advances bring to manufacturers.”

Dr Karin Von Hippel, director general of RUSI said: “The importance of the manufacturing sector to the security of the UK economy cannot be overstated. Increasing digitisation creates further opportunities, but also exposes us to potential vulnerabilities to cyber-attacks, whether from criminals or nation-state adversaries. The sector needs to recognise these risks and respond accordingly.”